Travelex won't say if it ruled out paying $9m ransomware demand
Thursday, 9 January 2020
Foreign exchange company Travelex has confirmed a software virus that prompted it to shut down its computer systems and websites, including in New Zealand, was ransomware.
The BBC has reported that a ransomware gang has demanded US$6 million (NZ$9m) from the London-based company.
Travelex spokeswoman Lucinda Sewell told Stuff the company was not commenting on that, and would not say whether Travelex had ruled out paying a ransom.
Travelex is part of the London-listed Finablr group which has seen its market value plummet by 17 per cent, or £183m (NZ$361m), in the wake of the attack.
A survey this year by US-based AT&T Cybersecurity of 145 information technology professionals found 40 per cent believed it should be illegal to pay ransomware demands, which could reduce the motivation for such attacks.
But there currently appear to be no rules in New Zealand preventing businesses, state-owned organisations or individuals from paying up.
The State Services Commission, Internal Affairs and a spokesman for former justice minister Amy Adams were unable in 2016 to identify any rules that would apply to state-owned organisations on paying ransoms.
Travelex's online services remained offline on Thursday morning.
The company said the ransomware was a program known as Sodinokibi that is also commonly referred to as REvil.
'Travelex has proactively taken steps to contain the spread of the ransomware, which have been successful,' it said in a statement.
Ransomware attacks typically involve hackers infiltrating a computer system and then encrypting valuable data before demanding a ransom in return for a software key that can be used to recover scrambled files.
But the BBC reported that the hackers of Travelex had also claimed they had downloaded 5 gigabytes of sensitive customer data.
Travelex confirmed some of its data had been encrypted, but said there was no evidence 'structured personal customer data' had been encrypted, or that any data had been copied and retained by the hackers.
'Having completed the containment stage of its remediation process, detailed forensic analysis is fully underway and the company is now also working towards recovery of all systems.
'To date Travelex has been able to restore a number of internal systems, which are operating normally. The company is working to resume normal operations as quickly as possible and does not currently anticipate any material financial impact,' its statement said.
Chief executive Tony D'Souza said Travelex was continuing to offer foreign exchange services to customers manually.
The company operates foreign exchange booths in dozens of countries, including New Zealand.
Travelex said it was in discussions with the National Crime Agency and the Metropolitan Police in Britain, which were conducting their own criminal investigations, as well as with regulators 'around the world'.